diff --git a/admin/templates/articles/article-edit.php b/admin/templates/articles/article-edit.php
index 24e8d84..c7e7f9d 100644
--- a/admin/templates/articles/article-edit.php
+++ b/admin/templates/articles/article-edit.php
@@ -4,6 +4,17 @@ $this -> user['id'],
+ 'expires' => time() + 60*20
+];
+
+$_SESSION['rfm_akey'] = bin2hex(random_bytes(16));
+$_SESSION['rfm_akey_expires'] = time() + 20*60;
+$_SESSION['can_use_rfm'] = true;
+$rfmAkeyJS = $_SESSION['rfm_akey'];
+
 ob_start();
 ?>
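Review bot: Every render of this template appends a new entry to `$_SESSION['upload_tokens']` and nothing in the added lines removes earlier ones, so a long admin session accumulates one token per page view until the session ends; the upload scripts only delete the one token they receive, and only once it has expired. Prune when issuing, e.g. right before the new entry is added: `$_SESSION['upload_tokens'] = array_filter( $_SESSION['upload_tokens'] ?? [], function ( $t ) { return $t['expires'] >= time(); } );`. The same block is added verbatim to product-edit.php, and it reads `$this -> user['id']` inside a template; a helper called from the two controllers (which already hold `$user`) would keep the issuing logic and the two expiry constants (`60*20`, `20*60`) in one place. The first added lines of this hunk are not legible in this rendering, so the token construction itself could not be checked here.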
@@ -95,7 +106,11 @@ ob_start();
 $( function() {
 $( '#text_, #entry_, #table_of_contents_' ).ckeditor( {
 toolbar : 'MyToolbar',
- height:'250'
+ height:'250',
+ filebrowserBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&akey=',
+ filebrowserImageBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&akey=',
+ filebrowserUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&upload=1&akey=',
+ filebrowserImageUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&upload=1&akey='
 });
 });
@@ -401,6 +416,9 @@ echo $grid -> draw();
 $( "#images-uploader" ).pluploadQueue( {
+ multipart_params: {
+ upload_token: '',
+ },
 runtimes: 'html5,flash,html4',
 init: {
@@ -453,6 +471,9 @@ echo $grid -> draw();
 $( "#files-uploader" ).pluploadQueue( {
+ multipart_params: {
+ upload_token: '',
+ },
 runtimes: 'html5,flash,html4',
 init: {
diff --git a/admin/templates/shop-product/product-edit.php b/admin/templates/shop-product/product-edit.php
index 528d301..d3ae45e 100644
--- a/admin/templates/shop-product/product-edit.php
+++ b/admin/templates/shop-product/product-edit.php
@@ -4,6 +4,17 @@ $this -> user['id'],
+ 'expires' => time() + 60*20
+];
+
+$_SESSION['rfm_akey'] = bin2hex(random_bytes(16));
+$_SESSION['rfm_akey_expires'] = time() + 20*60;
+$_SESSION['can_use_rfm'] = true;
+$rfmAkeyJS = $_SESSION['rfm_akey'];
+
 ob_start();
 ?>
@@ -119,7 +130,11 @@ ob_start();
 $(function() {
 $('#short_description_, #description_').ckeditor({
 toolbar: 'MyToolbar',
- height: '250'
+ height: '250',
+ filebrowserBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&akey=',
+ filebrowserImageBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&akey=',
+ filebrowserUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&upload=1&akey=',
+ filebrowserImageUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&upload=1&akey='
 });
 });
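Review bot: The four filebrowser URLs carry the RFM key in the query string (`&akey=`), so it ends up in the web server's access log and in the Referer of anything the file-manager page loads; the 20-minute expiry bounds that, but a comment at the `$rfmAkeyJS` assignment saying the key is URL-borne would help a later reader. As rendered here the value after `akey=` is empty — presumably an echo of `$rfmAkeyJS` that was lost in rendering; whatever is echoed there should go through `rawurlencode()` (or `json_encode()` for the whole string) rather than be inserted raw into a JS literal. The URLs differ only in `type` and `upload`, so one JS variable holding `'/libraries/filemanager-9.14.2/dialog.php?editor=ckeditor&akey='` plus the key, with `type`/`upload` appended per option, would remove the four-fold repetition. The same four lines are added in product-edit.php (the hunks at `@@ -119,7 +130,11 @@` and `@@ -208,7 +223,11 @@`).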
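Review bot: `upload_token: ''` is sent as a multipart field, so it only reaches the server on multipart requests; the plupload scripts in this diff also keep a raw `php://input` branch for non-multipart uploads, and a request taking that path carries no token unless it is also appended to the uploader's `url`. With plupload's default `multipart: true` that branch should not be hit, but a comment on `multipart_params` saying the token is multipart-only would stop a later `multipart: false` from silently turning every upload into a 403. As rendered the value is empty, presumably an echo lost in rendering — if it really is empty, every chunk is rejected by the new check. The same block is added to `#files-uploader` below and to both uploaders in product-edit.php; one params object defined once per page would avoid the four copies.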
@@ -208,7 +223,11 @@ ob_start();
 $(function() {
 $('#tab_description_1_, #tab_description_2_').ckeditor({
 toolbar: 'MyToolbar',
- height: '250'
+ height: '250',
+ filebrowserBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&akey=',
+ filebrowserImageBrowseUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&akey=',
+ filebrowserUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=2&editor=ckeditor&upload=1&akey=',
+ filebrowserImageUploadUrl: '/libraries/filemanager-9.14.2/dialog.php?type=1&editor=ckeditor&upload=1&akey='
 });
 });
@@ -826,6 +845,9 @@ echo $grid->draw();
 });
 $("#images-uploader").pluploadQueue({
+ multipart_params: {
+ upload_token: '',
+ },
 runtimes: 'html5,flash,html4',
 init: {
 Refresh: function(up) {
@@ -874,6 +896,9 @@ echo $grid->draw();
 });
 $("#files-uploader").pluploadQueue({
+ multipart_params: {
+ upload_token: '',
+ },
 runtimes: 'html5,flash,html4',
 init: {
 Refresh: function(up) {
diff --git a/autoload/admin/controls/class.Articles.php b/autoload/admin/controls/class.Articles.php
index 376df2d..a7e32b3 100644
--- a/autoload/admin/controls/class.Articles.php
+++ b/autoload/admin/controls/class.Articles.php
@@ -39,19 +39,24 @@ class Articles
 exit;
 }
- public static function article_edit()
- {
+ public static function article_edit() {
+ global $user;
+
+ if ( !$user ) {
+ header( 'Location: /admin/' );
+ exit;
+ }
+
 \admin\factory\Articles::delete_nonassigned_images();
 \admin\factory\Articles::delete_nonassigned_files();
- return \admin\view\Articles::article_edit(
- \admin\factory\Articles::article_details(
- \S::get( 'id' )
- ),
- \admin\factory\Pages::menus_list(),
- \admin\factory\Languages::languages_list(),
- \admin\factory\Layouts::layouts_list()
- );
+ return \Tpl::view( 'articles/article-edit', [
+ 'article' => \admin\factory\Articles::article_details( (int)\S::get( 'id' ) ),
+ 'menus' => \admin\factory\Pages::menus_list(),
+ 'languages' => \admin\factory\Languages::languages_list(),
+ 'layouts' => \admin\factory\Layouts::layouts_list(),
+ 'user' => $user
+ ] );
 }
 public static function view_list()
diff --git a/autoload/admin/controls/class.ShopProduct.php b/autoload/admin/controls/class.ShopProduct.php
index 9bb79f5..5a086bf 100644
--- a/autoload/admin/controls/class.ShopProduct.php
+++ b/autoload/admin/controls/class.ShopProduct.php
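Review bot: The new `global $user` guard is pasted verbatim into `ShopProduct::product_edit` in the next file; a single helper (e.g. a static `require_user()` that does the redirect and `exit`) called at the top of both methods would keep the check in one place and make it obvious where it is still missing. It is also not clear from these lines that `$user` is non-empty only for an authenticated admin account — please confirm that, otherwise the guard only proves that someone is logged in. The opening brace moved onto the signature line (`public static function article_edit() {`) while the removed version kept it on its own line; keep the file's style. `'user' => $user` hands the whole user record to the template, which only reads `['id']`, so passing `$user['id']` would limit what the view sees.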
@@ -229,22 +229,29 @@ class ShopProduct
 }
 // edycja produktu
- public static function product_edit()
- {
+ public static function product_edit() {
+ global $user;
+
+ if ( !$user ) {
+ header( 'Location: /admin/' );
+ exit;
+ }
+
 \admin\factory\ShopProduct::delete_nonassigned_images();
 \admin\factory\ShopProduct::delete_nonassigned_files();
 return \Tpl::view( 'shop-product/product-edit', [
- 'product' => \admin\factory\ShopProduct::product_details( (int) \S::get( 'id' ) ),
- 'languages' => \admin\factory\Languages::languages_list(),
- 'categories' => \admin\factory\ShopCategory::subcategories( null ),
- 'layouts' => \admin\factory\Layouts::layouts_list(),
- 'products' => \admin\factory\ShopProduct::products_list(),
- 'dlang' => \front\factory\Languages::default_language(),
- 'sets' => \shop\ProductSet::sets_list(),
- 'producers' => \admin\factory\ShopProducer::all(),
- 'units' => \admin\factory\Dictionaries::all_units()
- ] );
+ 'product' => \admin\factory\ShopProduct::product_details( (int) \S::get( 'id' ) ),
+ 'languages' => \admin\factory\Languages::languages_list(),
+ 'categories' => \admin\factory\ShopCategory::subcategories( null ),
+ 'layouts' => \admin\factory\Layouts::layouts_list(),
+ 'products' => \admin\factory\ShopProduct::products_list(),
+ 'dlang' => \front\factory\Languages::default_language(),
+ 'sets' => \shop\ProductSet::sets_list(),
+ 'producers' => \admin\factory\ShopProducer::all(),
+ 'units' => \admin\factory\Dictionaries::all_units(),
+ 'user' => $user
+ ] );
 }
 // ajax_load_products ARCHIVE
diff --git a/autoload/admin/view/class.Articles.php b/autoload/admin/view/class.Articles.php
index 4722564..687c4cd 100644
--- a/autoload/admin/view/class.Articles.php
+++ b/autoload/admin/view/class.Articles.php
@@ -8,7 +8,7 @@ class Articles
 $tpl = new \Tpl;
 return $tpl -> render( 'articles/articles-browse-list' );
 }
-
+
 public static function subpages_list( $pages, $article_pages, $parent_id = 0, $step = 1 )
 {
 $tpl = new \Tpl();
@@ -18,21 +18,11 @@ class Articles
 $tpl -> article_pages = $article_pages;
 return $tpl -> render( 'articles/subpages-list' );
 }
-
+
 public static function articles_list()
 {
 $tpl = new \Tpl;
 return $tpl -> render( 'articles/articles-list' );
 }
-
- public static function article_edit( $article, $menus, $languages, $layouts )
- {
- $tpl = new \Tpl;
- $tpl -> article = $article;
- $tpl -> menus = $menus;
- $tpl -> languages = $languages;
- $tpl -> layouts = $layouts;
- return $tpl -> render( 'articles/article-edit' );
- }
 }
 ?>
\ No newline at end of file
diff --git a/libraries/filemanager-9.14.2/dialog.php b/libraries/filemanager-9.14.2/dialog.php
index 9a3d71f..ace2dbb 100644
--- a/libraries/filemanager-9.14.2/dialog.php
+++ b/libraries/filemanager-9.14.2/dialog.php
@@ -1,4 +1,20 @@ 'Brak tokenu uploadu'] );
+ exit;
+}
+
+$tokenData = $_SESSION['upload_tokens'][$upload_token];
+if ( $tokenData['expires'] < time() ) {
+ unset( $_SESSION['upload_tokens'][$upload_token] );
+ http_response_code(403);
+ echo json_encode( ['error' => 'Token wygasł'] );
+ exit;
+}
+
 $mdb = new medoo( [
 'database_type' => 'mysql',
 'database_name' => $database['name'],
@@ -34,14 +49,14 @@ $fileName = isset( $_REQUEST["name"] ) ? $_REQUEST["name"] : '';
 $fileName = preg_replace( '/[^\w\._]+/', '-', $fileName );
-if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) )
+if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) )
 {
 $ext = strrpos( $fileName, '.' );
 $fileName_a = substr( $fileName, 0, $ext );
 $fileName_b = substr( $fileName, $ext );
 $count = 1;
-
+
 while ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b ) ) $count++;
@@ -50,9 +65,9 @@ if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) )
 $filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
-if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir ) ) )
+if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir ) ) )
 {
- while ( ( $file = readdir( $dir ) ) !== false )
+ while ( ( $file = readdir( $dir ) ) !== false )
 {
 $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
@@ -62,7 +77,7 @@ if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir )
 }
 closedir($dir);
-}
+}
 else die( '{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}' );
@@ -72,40 +87,40 @@ if ( isset( $_SERVER["HTTP_CONTENT_TYPE"] ) )
 if ( isset( $_SERVER["CONTENT_TYPE"] ) ) $contentType = $_SERVER["CONTENT_TYPE"];
-if ( strpos( $contentType, "multipart" ) !== false )
+if ( strpos( $contentType, "multipart" ) !== false )
 {
- if ( isset( $_FILES['file']['tmp_name'] ) && is_uploaded_file( $_FILES['file']['tmp_name'] ) )
+ if ( isset( $_FILES['file']['tmp_name'] ) && is_uploaded_file( $_FILES['file']['tmp_name'] ) )
 {
 $out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" );
- if ( $out )
+ if ( $out )
 {
 $in = fopen( $_FILES['file']['tmp_name'], "rb" );
- if ( $in )
+ if ( $in )
 {
 while ( $buff = fread( $in, 4096 ) ) fwrite($out, $buff);
- }
+ }
 else die( '{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}' );
 fclose( $in );
 fclose( $out );
 @unlink( $_FILES['file']['tmp_name'] );
- }
+ }
 else die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' );
- }
+ }
 else die( '{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}' );
-}
-else
+}
+else
 {
 $out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" );
 if ( $out )
 {
 $in = fopen( "php://input", "rb" );
- if ( $in )
+ if ( $in )
 {
 while ( $buff = fread( $in, 4096 ) ) fwrite( $out, $buff );
@@ -115,22 +130,22 @@ else
 fclose( $in );
 fclose( $out );
- }
+ }
 else die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' );
 }
-if ( !$chunks || $chunk == $chunks - 1 )
+if ( !$chunks || $chunk == $chunks - 1 )
 {
 rename( "{$filePath}.part", $filePath );
-
- $mdb -> insert( 'pp_articles_files', [
+
+ $mdb -> insert( 'pp_articles_files', [
 'article_id' => null,
 'src' => substr( $filePath, 5, strlen( $filePath ) )
 ] );
-
+
 $file_id = $mdb -> id();
-
+
 $file_name = explode( '/', $filePath );
 $file_name = $file_name[ count( $file_name ) - 1 ];
 }
diff --git a/libraries/plupload/upload-articles-images.php b/libraries/plupload/upload-articles-images.php
index deec7bc..b2c6dad 100644
--- a/libraries/plupload/upload-articles-images.php
+++ b/libraries/plupload/upload-articles-images.php
@@ -4,6 +4,21 @@ require_once '../medoo/medoo.php';
 date_default_timezone_set( 'Europe/Warsaw' );
 session_start();
+$upload_token = $_REQUEST['upload_token'] ?? '';
+if ( !isset( $_SESSION['upload_tokens'][$upload_token] ) ) {
+ http_response_code(403);
+ echo json_encode( ['error' => 'Brak tokenu uploadu'] );
+ exit;
+}
+
+$tokenData = $_SESSION['upload_tokens'][$upload_token];
+if ( $tokenData['expires'] < time() ) {
+ unset( $_SESSION['upload_tokens'][$upload_token] );
+ http_response_code(403);
+ echo json_encode( ['error' => 'Token wygasł'] );
+ exit;
+}
+
 $mdb = new medoo( [
 'database_type' => 'mysql',
 'database_name' => $database['name'],
@@ -34,14 +49,14 @@ $fileName = isset( $_REQUEST["name"] ) ? $_REQUEST["name"] : '';
 $fileName = preg_replace( '/[^\w\._]+/', '-', $fileName );
-if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) )
+if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) )
 {
 $ext = strrpos( $fileName, '.' );
 $fileName_a = substr( $fileName, 0, $ext );
 $fileName_b = substr( $fileName, $ext );
 $count = 1;
-
+
 while ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b ) ) $count++;
@@ -50,9 +65,9 @@ if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) )
 $filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
-if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir ) ) )
+if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir ) ) )
 {
- while ( ( $file = readdir( $dir ) ) !== false )
+ while ( ( $file = readdir( $dir ) ) !== false )
 {
 $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
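Review bot: `$_REQUEST['upload_token']` is used as an array key without checking that it is a string; a request sending `upload_token[]=x` makes it an array, and `isset( $_SESSION['upload_tokens'][$upload_token] )` with an array offset raises a TypeError on PHP 8, so the endpoint answers 500 instead of the intended 403. Guard the type before the lookup: `$upload_token = $_REQUEST['upload_token'] ?? ''; if ( !is_string( $upload_token ) || !isset( $_SESSION['upload_tokens'][$upload_token] ) ) {`. The two 403 responses are written with `echo json_encode(...)` and no `Content-Type` header, and their shape differs from the `{"jsonrpc" : "2.0", "error" : {...}}` objects the rest of this script returns via `die()`, so plupload's error handler now sees two formats; one small helper that sets the header and uses the JSON-RPC shape would keep them uniform. The token's `user_id` is stored but never compared here — the check relies entirely on the token living in the same session that issued it, which is worth saying in a comment above the block. The identical block is added in upload-product-files.php, upload-product-images.php, and after the dialog.php header earlier in this diff (where the owning file header is not legible).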
@@ -62,7 +77,7 @@ if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir )
 }
 closedir($dir);
-}
+}
 else die( '{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}' );
@@ -72,40 +87,40 @@ if ( isset( $_SERVER["HTTP_CONTENT_TYPE"] ) )
 if ( isset( $_SERVER["CONTENT_TYPE"] ) ) $contentType = $_SERVER["CONTENT_TYPE"];
-if ( strpos( $contentType, "multipart" ) !== false )
+if ( strpos( $contentType, "multipart" ) !== false )
 {
- if ( isset( $_FILES['file']['tmp_name'] ) && is_uploaded_file( $_FILES['file']['tmp_name'] ) )
+ if ( isset( $_FILES['file']['tmp_name'] ) && is_uploaded_file( $_FILES['file']['tmp_name'] ) )
 {
 $out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" );
- if ( $out )
+ if ( $out )
 {
 $in = fopen( $_FILES['file']['tmp_name'], "rb" );
- if ( $in )
+ if ( $in )
 {
 while ( $buff = fread( $in, 4096 ) ) fwrite($out, $buff);
- }
+ }
 else die( '{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}' );
 fclose( $in );
 fclose( $out );
 @unlink( $_FILES['file']['tmp_name'] );
- }
+ }
 else die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' );
- }
+ }
 else die( '{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}' );
-}
-else
+}
+else
 {
 $out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" );
 if ( $out )
 {
 $in = fopen( "php://input", "rb" );
- if ( $in )
+ if ( $in )
 {
 while ( $buff = fread( $in, 4096 ) ) fwrite( $out, $buff );
@@ -115,18 +130,18 @@ else
 fclose( $in );
 fclose( $out );
- }
+ }
 else die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' );
 }
-if ( !$chunks || $chunk == $chunks - 1 )
+if ( !$chunks || $chunk == $chunks - 1 )
 {
 rename( "{$filePath}.part", $filePath );
-
+
 $o = $mdb -> max( 'pp_articles_images', 'o' );
-
- $mdb -> insert( 'pp_articles_images', [
+
+ $mdb -> insert( 'pp_articles_images', [
 'article_id' => $_POST['article_id'] ? $_POST['article_id'] : null,
 'src' => substr( $filePath, 5, strlen( $filePath ) ),
 'o' => ++$o
diff --git a/libraries/plupload/upload-product-files.php b/libraries/plupload/upload-product-files.php
index 846fc45..735b9bf 100644
--- a/libraries/plupload/upload-product-files.php
+++ b/libraries/plupload/upload-product-files.php
@@ -4,6 +4,21 @@ require_once '../medoo/medoo.php';
 date_default_timezone_set( 'Europe/Warsaw' );
 session_start();
+$upload_token = $_REQUEST['upload_token'] ?? '';
+if ( !isset( $_SESSION['upload_tokens'][$upload_token] ) ) {
+ http_response_code(403);
+ echo json_encode( ['error' => 'Brak tokenu uploadu'] );
+ exit;
+}
+
+$tokenData = $_SESSION['upload_tokens'][$upload_token];
+if ( $tokenData['expires'] < time() ) {
+ unset( $_SESSION['upload_tokens'][$upload_token] );
+ http_response_code(403);
+ echo json_encode( ['error' => 'Token wygasł'] );
+ exit;
+}
+
 $mdb = new medoo( [
 'database_type' => 'mysql',
 'database_name' => $database['name'],
@@ -34,14 +49,14 @@ $fileName = isset( $_REQUEST["name"] ) ? $_REQUEST["name"] : '';
 $fileName = preg_replace( '/[^\w\._]+/', '-', $fileName );
-if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) )
+if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) )
 {
 $ext = strrpos( $fileName, '.' );
 $fileName_a = substr( $fileName, 0, $ext );
 $fileName_b = substr( $fileName, $ext );
 $count = 1;
-
+
 while ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b ) ) $count++;
@@ -50,9 +65,9 @@ if ( file_exists( $targetDir . DIRECTORY_SEPARATOR . $fileName ) )
 $filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
-if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir ) ) )
+if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir ) ) )
 {
- while ( ( $file = readdir( $dir ) ) !== false )
+ while ( ( $file = readdir( $dir ) ) !== false )
 {
 $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
@@ -62,7 +77,7 @@ if ( $cleanupTargetDir && is_dir( $targetDir ) && ( $dir = opendir( $targetDir )
 }
 closedir($dir);
-}
+}
 else die( '{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}' );
@@ -72,40 +87,40 @@ if ( isset( $_SERVER["HTTP_CONTENT_TYPE"] ) )
 if ( isset( $_SERVER["CONTENT_TYPE"] ) ) $contentType = $_SERVER["CONTENT_TYPE"];
-if ( strpos( $contentType, "multipart" ) !== false )
+if ( strpos( $contentType, "multipart" ) !== false )
 {
- if ( isset( $_FILES['file']['tmp_name'] ) && is_uploaded_file( $_FILES['file']['tmp_name'] ) )
+ if ( isset( $_FILES['file']['tmp_name'] ) && is_uploaded_file( $_FILES['file']['tmp_name'] ) )
 {
 $out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" );
- if ( $out )
+ if ( $out )
 {
 $in = fopen( $_FILES['file']['tmp_name'], "rb" );
- if ( $in )
+ if ( $in )
 {
 while ( $buff = fread( $in, 4096 ) ) fwrite($out, $buff);
- }
+ }
 else die( '{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}' );
 fclose( $in );
 fclose( $out );
 @unlink( $_FILES['file']['tmp_name'] );
- }
+ }
 else die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' );
- }
+ }
 else die( '{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}' );
-}
-else
+}
+else
 {
 $out = fopen( "{$filePath}.part", $chunk == 0 ? "wb" : "ab" );
 if ( $out )
 {
 $in = fopen( "php://input", "rb" );
- if ( $in )
+ if ( $in )
 {
 while ( $buff = fread( $in, 4096 ) ) fwrite( $out, $buff );
@@ -115,22 +130,22 @@ else
 fclose( $in );
 fclose( $out );
- }
+ }
 else die( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' );
 }
-if ( !$chunks || $chunk == $chunks - 1 )
+if ( !$chunks || $chunk == $chunks - 1 )
 {
 rename( "{$filePath}.part", $filePath );
-
- $mdb -> insert( 'pp_shop_products_files', [
+
+ $mdb -> insert( 'pp_shop_products_files', [
 'product_id' => null,
 'src' => substr( $filePath, 5, strlen( $filePath ) )
 ] );
-
+
 $file_id = $mdb -> id();
-
+
 $file_name = explode( '/', $filePath );
 $file_name = $file_name[ count( $file_name ) - 1 ];
 }
diff --git a/libraries/plupload/upload-product-images.php b/libraries/plupload/upload-product-images.php
index af9100a..88894b9 100644
--- a/libraries/plupload/upload-product-images.php
+++ b/libraries/plupload/upload-product-images.php
@@ -4,6 +4,21 @@ require_once '../medoo/medoo.php';
 date_default_timezone_set( 'Europe/Warsaw' );
 session_start();
+$upload_token = $_REQUEST['upload_token'] ?? '';
+if ( !isset( $_SESSION['upload_tokens'][$upload_token] ) ) {
+ http_response_code(403);
+ echo json_encode( ['error' => 'Brak tokenu uploadu'] );
+ exit;
+}
+
+$tokenData = $_SESSION['upload_tokens'][$upload_token];
+if ( $tokenData['expires'] < time() ) {
+ unset( $_SESSION['upload_tokens'][$upload_token] );
+ http_response_code(403);
+ echo json_encode( ['error' => 'Token wygasł'] );
+ exit;
+}
+
 $mdb = new medoo( [
 'database_type' => 'mysql',
 'database_name' => $database['name'],
diff --git a/updates/0.20/ver_0.230.zip b/updates/0.20/ver_0.230.zip
new file mode 100644
index 0000000..3acba7e
Binary files /dev/null and b/updates/0.20/ver_0.230.zip differ
diff --git a/updates/changelog.php b/updates/changelog.php
index 889388d..47e06c3 100644
--- a/updates/changelog.php
+++ b/updates/changelog.php
@@ -1,3 +1,6 @@
+ver. 0.230
+- FIX - poprawki bezpieczeństwa
+
ver. 0.229
- NEW - pola dodatkowe z opcją wymagane/niewymagane
diff --git a/updates/versions.php b/updates/versions.php
index 6451a5c..f40d406 100644
--- a/updates/versions.php
+++ b/updates/versions.php
@@ -1,5 +1,5 @@